Security Firm Dangles $500,000 for iOS 0-Days

Researchers looking to cash in on working exploits for 0-day and N-day vulnerabilities can now turn to a new bounty program from Exodus Intelligence, which is offering up to $500,000 for certain exploits.

Exodus Intelligence’s Research Sponsorship Program (RSP), which is focused on acquiring vulnerability research and exploits, is now looking for exploits for both zero-day and N-day vulnerabilities, the company announced.

The bounties promised by the company are substantial: working Apple iOS exploits can earn researchers up to $500,000, while working Microsoft Edge exploits could go for as much as $125,000. 

Exodus also reveals that a new bonus structure is rolling out for the acquisition of research and exploits for 0-day vulnerabilities. The company will offer the researcher an initial payment for each new 0-day acquired, but only after the request has been reviewed and accepted, and might also send the researcher additional payments for every quarter the zero-day exploit is still alive.

News of the program comes less than a week after Apple announced that it would offer up to $200,000 for finding vulnerabilities in its products.

“The specific values of the initial payment and quarterly bonus will be included in an offer presented to the researcher, following the review of their work. Additionally, Exodus also offers payment in the form of Bitcoin for Zero-Day research,” the company says.

The RSP website is where the 0-day hitlist can be found, and developers interested in entering the program should register there. Even researchers focused on different areas are encouraged to contact Exodus for consideration.

Interested developers should submit their research through the RSP website and the company promises a response within 10 business days. Depending on the completeness of the research, larger payments could be offered, and researchers might also receive public acknowledgement, if desired, Exodus says.

The $500,000 payout for iOS exploits matches that offered by exploit acquisition firm Zerodium in a program announced late last year. For a short period, Zerodium even offered up to $1 million for an iOS 9 exploit, which was awarded to Pangu Team, a Chinese group specializing in iOS jailbreaks.

When it comes to N-day exploits, Exodus says it would consider and purchase only fully functional exploits.

“Through the launch of the RSP, Exodus is excited to be engaging the global research community in our mission to provide the highest quality of vulnerability intelligence in the industry. This additional source of research, supplemented by the investigation and validation of our world-class team, will continue to ensure that our clients receive early notification of the most critical vulnerabilities so that they can offer the best defense possible,” Logan Brown, President, Exodus Intelligence, says.

Related: Zerodium Publishes Prices for Zero-Day Exploits

Related: iOS 9.1 Jailbreak Earns Hackers $1 Million Bounty
